Configuration Issue

ray_stone · ‎04-04-2008

Hi, We are using ASA FW and all configuration is setup properly but we have an issue but we are not sure is it required any configuration on FW or its a conf issue. DMZ machines and Internal DB machines are getting access wach other fine and one of www (web Server) is in DMZ zone and enable static nating for outside users and map dns (A) host entry with the public IP like www.yahoo.com and map this url with public ip 22.22.22.22 and this public ip map with local ip 1.1.1.1 by natting and outside users are able to access this app fine but the other server 1.1.1.2 (loacl Ip) try to access the app like www.yahoo.com then it doent work but when it tries to resolve yahoo web site by local ip 1.1.1.1 then it works fine. Can anyone tell us is it a conf issue if it is then what must we do?? Thanks.

abhisheksen · ‎04-05-2008

Hi,

Though ithe problem is not very much clear from your post, I am replying what I understood.

You have to configure NAT for that,either static or PAT.In ASA there is a default NAT-CONTROL.This means every ip wats to pass through pix/ASA , needs a nat rule.Fot PAT configure this:

nat(dmz_int)1 1.1.1.0 255.255.255.0

global(outside_int)1 interface

By giving this commands your internal servers can access outside(internet).But if you want outsiders also access your server ,you hane to configure static nat.